[56K WARN]sql UPDATE not working on localhost

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

But there's really no point in replacing a character by the same character (or did the board "eat" a \ here? )
There are also other character that should be "treated". I suggest using mysql_real_scape_string.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

+1 volka. Using mysql_real_escape_string() is a lot safer and less resource intensive than str_replace. And besides, the replace you are doing is quite literally replacing a character with it's exact same character. And there is no need to turn magic quotes on. In fact, it is better for you to leave it off.
invisibled
Forum Contributor
Posts: 112
Joined: Sun Apr 29, 2007 3:35 pm
Location: New Westminster

Post by invisibled »

i already said i haven't finished the script, its going to be replacing single quotes with hardcoded quotes but that has nothing to do with anything.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

invisibled wrote:i already said i haven't finished the script, its going to be replacing single quotes with hardcoded quotes but that has nothing to do with anything.
Your assuming you know more than us. I would do as Pickle said and echo your queries. I can see right off the bat what the problem could be, without speculating.
invisibled
Forum Contributor
Posts: 112
Joined: Sun Apr 29, 2007 3:35 pm
Location: New Westminster

Post by invisibled »

I do know more than you guys, because its my script, and I am telling you about it and your telling me im wrong, when im not and getting completely off topic with that whole single quote thing lol.

my queries are posted on the first page...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

invisibled wrote:I am telling you about it and your telling me im wrong, when im not and getting completely off topic with that whole single quote thing lol.
Let's assume you're not wrong then your script is missing something, see http://de3.php.net/security.database.sql-injection
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Are you making sure to use long opening tags (<?php) instead of short open tags (<?) on your local server. According to the server data page you posted, short tags are off on localhost but I see them in your code.
Post Reply